Integrity checking in cryptographic file systems with constant trusted storage

16th USENIX Security Symposium

Volumn , Issue , 2007, Pages 183-198

  Oprea, Alina ^a   Reiter, Michael K ^b  

^a Carnegie Mellon University   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; FORESTRY; TREES (MATHEMATICS);

CRYPTOGRAPHIC FILE SYSTEMS; FILE CONTENTS; INTEGRITY CHECKING; MERKLE TREES; NEW CONSTRUCTIONS; SEQUENTIALITY; STORAGE REQUIREMENTS; TYPICAL APPLICATION;

FILE ORGANIZATION;

EID: 38149124657     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. A. Adya, W. J. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. R. Douceur, J. Howell, J. R. Lorch, M. Theimer, and R. P. Wattenhofer. FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In Proc. 5th Symposium on Operating System Design and Implementation (OSDI). Usenix, 2002.
2. Advanced encryption standard. Federal Information Processing Standards Publication 197, U.S. Department of Commerce/National Institute of Standards and Technology, National Technical Information Service, Springfield, Virginia, Nov. 2001.
3. M. Bellare, R. Canetti, and H. Krawczyk. Keying hash functions for message authentication. In Proc. Crypto 1996, volume 1109 of Lecture Notes in Computer Science, pages 1–15. Springer-Verlag, 1996.
4. J. Black and H. Urtubia. Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In Proc. 11th USENIX Security Symposium, pages 327–338, 2002.
5. M. Blum, W. S. Evans, P. Gemmell, S. Kannan, and M. Naor. Checking the correctness of memories. Algorithmica, 12:225–244, 1994.
6. G. Cattaneo, L. Catuogno, A. D. Sorbo, and P. Persiano. The design and implementation of a transparent cryptographic file system for Unix. In Proc. USENIX Annual Technical Conference 2001, Freenix Track, pages 199–212, 2001.
7. D. E. Clarke, G. E. Suh, B. Gassend, A. Sudan, M. van Dijk, and S. Devadas. Towards constant bandwidth overhead integrity checking of untrusted data. In Proc. 26th IEEE Symposium on Security and Privacy, pages 139–153, 2005.
8. DES modes of operation. Federal Information Processing Standards Publication 81, U.S. Department of Commerce/National Bureau of Standards, National Technical Information Service, Springfield, Virginia, 1980.
9. D. Ellard, J. Ledlie, P. Malkani, and M. Seltzer. Passive NFS tracing of email and research workloads. In Proc. Second USENIX Conference on File and Storage Technologies (FAST), pages 203–216, 2003.
10. K. Fu. Group sharing and random access in cryptographic storage file systems. Master’s thesis, Massachusetts Institute of Technology, 1999.
11. K. Fu, F. Kaashoek, and D. Mazieres. Fast and secure distributed read-only file system. ACM Transactions on Computer Systems, 20:1–24, 2002.
12. FUSE: filesystem in userspace. http://fuse.sourceforge.net.
13. E. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing remote untrusted storage. In Proc. Network and Distributed Systems Security (NDSS) Symposium 2003, pages 131–145. ISOC, 2003.
14. V. Gough. EncFS encrypted filesystem. http://arg0.net/wiki/encfs, 2003.
15. S. Halevi and P. Rogaway. A tweakable enciphering mode. In Proc. Crypto 2003, volume 2729 of Lecture Notes in Computer Science, pages 482–499. Springer-Verlag, 2003.
16. S. Halevi and P. Rogaway. A parallelizable enciphering mode. In Proc. The RSA conference - Cryptographer’s track (RSA-CT), volume 2964 of Lecture Notes in Computer Science, pages 292–304. Springer-Verlag, 2004.
17. M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu. Plutus: Scalable secure file sharing on untrusted storage. In Proc. Second USENIX Conference on File and Storage Technologies (FAST), 2003.
18. V. Kher and Y. Kim. Securing distributed storage: Challenges, techniques, and systems. In Proc. First ACM International Workshop on Storage Security and Survivability (StorageSS 2005), 2005.
19. G. H. Kim and E. H. Spafford. The design and implementation of Tripwire: A filesystem integrity checker. In Proc. Second ACM Conference on Computer and Communication Security (CCS), pages 18–29, 1994.
20. J. Li, M. Krohn, D. Mazieres, and D. Shasha. Secure untrusted data repository. In Proc. 6th Symposium on Operating System Design and Implementation (OSDI), pages 121–136. Usenix, 2004.
21. M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. In Proc. Crypto 2002, volume 2442 of Lecture Notes in Computer Science, pages 31–46. Springer-Verlag, 2002.
22. D. Mazieres, M. Kaminsky, M. Kaashoek, and E. Witchel. Separating key management from file system security. In Proc. 17th ACM Symposium on Operating Systems Principles (SOSP), pages 124–139. ACM Press, 1999.
23. J. Menon, D. Pease, R. Rees, L. Duyanovich, and B. Hillsberg. IBM Storage Tank - a heterogeneous scalable SAN file system. IBM Systems Journal, 42(2), 2003.
24. R. Merkle. A certified digital signature. In Proc. Crypto 1989, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer-Verlag, 1989.
25. E. Miller, D. Long, W. Freeman, and B. Reed. Strong security for distributed file systems. In Proc. the First USENIX Conference on File and Storage Technologies (FAST), 2002.
26. A. Oprea, M. K. Reiter, and K. Yang. Space-efficient block storage integrity. In Proc. Network and Distributed System Security Symposium (NDSS). ISOC, 2005.
27. R. Pletka and C. Cachin. Cryptographic security for a high-performance distributed file system. Technical Report RZ 3661, IBM Research, Sept. 2006.
28. E. Riedel, M. Kallahalla, and R. Swaminathan. A framework for evaluating storage system security. In Proc. First USENIX Conference on File and Storage Technologies (FAST), pages 15–30, 2002.
29. P. Rogaway and T. Shrimpton. Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In Proc. 11th International Workshop on Fast Software Encryption (FSE 2004), volume 3017 of Lecture Notes in Computer Science, pages 371–388. Springer-Verlag, 2004.
30. Secure hash standard. Federal Information Processing Standards Publication 180-1, U.S. Department of Commerce/National Institute of Standards and Technology, National Technical Information Service, Springfield, Virginia, Apr. 1995.
31. G. Sivathanu, C. Wright, and E. Zadok. Ensuring data integrity in storage: Techniques and applications. In Proc. ACM Workshop on Storage Security and Survivability, 2005.
32. C. A. Stein, J. Howard, and M. I. Seltzer. Unifying file system protection. In Proc. USENIX Annual Technical Conference, pages 79–90, 2001.
33. C. P. Wright, J. Dave, and E. Zadok. Cryptographic file systems performance: What you don’t know can hurt you. In Proc. Second Intl. IEEE Security in Storage Workhsop (SISW), 2003.